Mandriva Linux Security Advisory : libevent (MDVSA-2015:017-1)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing one or more security

Description :

Updated libevent packages fix security vulnerability :

Andrew Bartlett of Catalyst reported a defect affecting certain
applications using the Libevent evbuffer API. This defect leaves
applications which pass insanely large inputs to evbuffers open to a
possible heap overflow or infinite loop. In order to exploit this
flaw, an attacker needs to be able to find a way to provoke the
program into trying to make a buffer chunk larger than what will fit
into a single size_t or off_t (CVE-2014-6272).

See also :

Solution :

Update the affected lib64event-devel and / or lib64event5 packages.

Risk factor :


Family: Mandriva Local Security Checks

Nessus Plugin ID: 80436 ()

Bugtraq ID:

CVE ID: CVE-2014-6272

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now